2 * Copyright (c) 1983, 1993, 1994
3 * The Regents of the University of California. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. All advertising materials mentioning features or use of this software
15 * must display the following acknowledgement:
16 * This product includes software developed by the University of
17 * California, Berkeley and its contributors.
18 * 4. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * @(#) Copyright (c) 1983, 1993, 1994 The Regents of the University of California. All rights reserved.
35 * @(#)lpd.c 8.7 (Berkeley) 5/10/95
36 * $FreeBSD: src/usr.sbin/lpr/lpd/lpd.c,v 1.12.2.22 2002/06/30 04:09:11 gad Exp $
37 * $DragonFly: src/usr.sbin/lpr/lpd/lpd.c,v 1.5 2004/12/18 22:48:03 swildner Exp $
41 * lpd -- line printer daemon.
43 * Listen for a connection and perform the requested operation.
46 * check the queue for jobs and print any found.
48 * receive a job from another machine and queue it.
49 * \3printer [users ...] [jobs ...]\n
50 * return the current state of the queue (short form).
51 * \4printer [users ...] [jobs ...]\n
52 * return the current state of the queue (long form).
53 * \5printer person [users ...] [jobs ...]\n
54 * remove jobs from the queue.
56 * Strategy to maintain protected spooling area:
57 * 1. Spooling area is writable only by daemon and spooling group
58 * 2. lpr runs setuid root and setgrp spooling group; it uses
59 * root to access any file it wants (verifying things before
60 * with an access call) and group id to know how it should
61 * set up ownership of files in the spooling area.
62 * 3. Files in spooling area are owned by root, group spooling
63 * group, with mode 660.
64 * 4. lpd, lpq and lprm run setuid daemon and setgrp spooling group to
65 * access files and printer. Users can't get to anything
66 * w/o help of lpq and lprm programs.
69 #include <sys/param.h>
71 #include <sys/types.h>
72 #include <sys/socket.h>
76 #include <netinet/in.h>
77 #include <arpa/inet.h>
94 #include "pathnames.h"
97 int lflag; /* log requests flag */
98 int sflag; /* no incoming port flag */
99 int from_remote; /* from remote socket */
101 int main(int argc, char **_argv);
102 static void reapchild(int _signo);
103 static void mcleanup(int _signo);
104 static void doit(void);
105 static void startup(void);
106 static void chkhost(struct sockaddr *_f, int _ch_opts);
107 static int ckqueue(struct printer *_pp);
108 static void fhosterr(int _ch_opts, char *_sysmsg, char *_usermsg);
109 static int *socksetup(int _af, int _debuglvl);
110 static void usage(void);
112 /* XXX from libc/net/rcmd.c */
113 extern int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
114 const char *, const char *);
118 #define LPD_NOPORTCHK 0001 /* skip reserved-port check */
119 #define LPD_LOGCONNERR 0002 /* (sys)log connection errors */
120 #define LPD_ADDFROMLINE 0004 /* just used for fhosterr() */
123 main(int argc, char **argv)
125 int ch_options, errs, f, funix, *finet, i, lfd, socket_debug;
127 struct sockaddr_un un, fromunix;
128 struct sockaddr_storage frominet;
130 sigset_t omask, nmask;
131 struct servent *sp, serv;
132 int inet_flag = 0, inet6_flag = 0;
134 euid = geteuid(); /* these shouldn't be different */
139 gethostname(local_host, sizeof(local_host));
144 errx(EX_NOPERM,"must run as root");
147 while ((i = getopt(argc, argv, "cdlpswW46")) != -1)
150 /* log all kinds of connection-errors to syslog */
151 ch_options |= LPD_LOGCONNERR;
159 case 'p': /* letter initially used for -s */
161 * This will probably be removed with 5.0-release.
164 case 's': /* secure (no inet) */
167 case 'w': /* netbsd uses -w for maxwait */
169 * This will be removed after the release of 4.4, as
170 * it conflicts with -w in netbsd's lpd. For now it
171 * is just a warning, so we won't suddenly break lpd
172 * for anyone who is currently using the option.
175 "NOTE: the -w option has been renamed -W");
177 "NOTE: please change your lpd config to use -W");
180 /* allow connections coming from a non-reserved port */
181 /* (done by some lpr-implementations for MS-Windows) */
182 ch_options |= LPD_NOPORTCHK;
193 errx(EX_USAGE, "lpd compiled sans INET6 (IPv6 support)");
197 * The following options are not in FreeBSD (yet?), but are
198 * listed here to "reserve" them, because the option-letters
199 * are used by either NetBSD or OpenBSD (as of July 2001).
201 case 'b': /* set bind-addr */
202 case 'n': /* set max num of children */
203 case 'r': /* allow 'of' for remote ptrs */
204 /* ...[not needed in freebsd] */
209 if (inet_flag && inet6_flag)
217 if ((i = atoi(argv[0])) == 0)
219 if (i < 0 || i > USHRT_MAX)
220 errx(EX_USAGE, "port # %d is invalid", i);
222 serv.s_port = htons(i);
226 sp = getservbyname("printer", "tcp");
228 errx(EX_OSFILE, "printer/tcp: unknown service");
235 * We run chkprintcap right away to catch any errors and blat them
236 * to stderr while we still have it open, rather than sending them
237 * to syslog and leaving the user wondering why lpd started and
238 * then stopped. There should probably be a command-line flag to
239 * ignore errors from chkprintcap.
246 err(EX_OSERR, "cannot fork");
247 } else if (pid == 0) { /* child */
248 execl(_PATH_CHKPRINTCAP, _PATH_CHKPRINTCAP, NULL);
249 err(EX_OSERR, "cannot execute %s", _PATH_CHKPRINTCAP);
251 if (waitpid(pid, &status, 0) < 0) {
252 err(EX_OSERR, "cannot wait");
254 if (WIFEXITED(status) && WEXITSTATUS(status) != 0)
255 errx(EX_OSFILE, "%d errors in printcap file, exiting",
256 WEXITSTATUS(status));
261 * Set up standard environment by detaching from the parent.
266 openlog("lpd", LOG_PID, LOG_LPR);
267 syslog(LOG_INFO, "lpd startup: logging=%d%s%s", lflag,
268 socket_debug ? " dbg" : "", sflag ? " net-secure" : "");
271 * NB: This depends on O_NONBLOCK semantics doing the right thing;
272 * i.e., applying only to the O_EXLOCK and not to the rest of the
273 * open/creation. As of 1997-12-02, this is the case for commonly-
274 * used filesystems. There are other places in this code which
275 * make the same assumption.
277 lfd = open(_PATH_MASTERLOCK, O_WRONLY|O_CREAT|O_EXLOCK|O_NONBLOCK,
280 if (errno == EWOULDBLOCK) /* active daemon present */
282 syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK);
285 fcntl(lfd, F_SETFL, 0); /* turn off non-blocking mode */
288 * write process id for others to know
290 sprintf(line, "%u\n", getpid());
292 if (write(lfd, line, f) != f) {
293 syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK);
296 signal(SIGCHLD, reapchild);
298 * Restart all the printers.
301 unlink(_PATH_SOCKETNAME);
302 funix = socket(AF_UNIX, SOCK_STREAM, 0);
304 syslog(LOG_ERR, "socket: %m");
309 sigaddset(&nmask, SIGHUP);
310 sigaddset(&nmask, SIGINT);
311 sigaddset(&nmask, SIGQUIT);
312 sigaddset(&nmask, SIGTERM);
313 sigprocmask(SIG_BLOCK, &nmask, &omask);
316 signal(SIGHUP, mcleanup);
317 signal(SIGINT, mcleanup);
318 signal(SIGQUIT, mcleanup);
319 signal(SIGTERM, mcleanup);
320 memset(&un, 0, sizeof(un));
321 un.sun_family = AF_UNIX;
322 strcpy(un.sun_path, _PATH_SOCKETNAME);
324 #define SUN_LEN(unp) (strlen((unp)->sun_path) + 2)
326 if (bind(funix, (struct sockaddr *)&un, SUN_LEN(&un)) < 0) {
327 syslog(LOG_ERR, "ubind: %m");
331 sigprocmask(SIG_SETMASK, &omask, NULL);
332 FD_ZERO(&defreadfds);
333 FD_SET(funix, &defreadfds);
336 finet = socksetup(family, socket_debug);
338 finet = NULL; /* pretend we couldn't open TCP socket. */
340 for (i = 1; i <= *finet; i++) {
341 FD_SET(finet[i], &defreadfds);
346 * Main loop: accept, do a request, continue.
348 memset(&frominet, 0, sizeof(frominet));
349 memset(&fromunix, 0, sizeof(fromunix));
351 syslog(LOG_INFO, "lpd startup: ready to accept requests");
353 * XXX - should be redone for multi-protocol
359 FD_COPY(&defreadfds, &readfds);
360 nfds = select(20, &readfds, 0, 0, 0);
362 if (nfds < 0 && errno != EINTR)
363 syslog(LOG_WARNING, "select: %m");
366 domain = -1; /* avoid compile-time warning */
367 s = -1; /* avoid compile-time warning */
368 if (FD_ISSET(funix, &readfds)) {
369 domain = AF_UNIX, fromlen = sizeof(fromunix);
371 (struct sockaddr *)&fromunix, &fromlen);
373 for (i = 1; i <= *finet; i++)
374 if (FD_ISSET(finet[i], &readfds)) {
376 fromlen = sizeof(frominet);
378 (struct sockaddr *)&frominet,
384 syslog(LOG_WARNING, "accept: %m");
389 * Note that printjob() also plays around with
390 * signal-handling routines, and may need to be
391 * changed when making changes to signal-handling.
393 signal(SIGCHLD, SIG_DFL);
394 signal(SIGHUP, SIG_IGN);
395 signal(SIGINT, SIG_IGN);
396 signal(SIGQUIT, SIG_IGN);
397 signal(SIGTERM, SIG_IGN);
399 if (sflag == 0 && finet) {
400 for (i = 1; i <= *finet; i++)
405 if (domain == AF_INET) {
406 /* for both AF_INET and AF_INET6 */
408 chkhost((struct sockaddr *)&frominet,
420 reapchild(int signo __unused)
424 while (wait3(&status, WNOHANG, 0) > 0)
432 * XXX syslog(3) is not signal-safe.
436 syslog(LOG_INFO, "exiting on signal %d", signo);
438 syslog(LOG_INFO, "exiting");
440 unlink(_PATH_SOCKETNAME);
445 * Stuff for handling job specifications
447 char *user[MAXUSERS]; /* users to process */
448 int users; /* # of users in user array */
449 int requ[MAXREQUESTS]; /* job number of spool entries */
450 int requests; /* # of spool requests */
451 char *person; /* name of person doing lprm */
453 /* buffer to hold the client's machine-name */
454 static char frombuf[MAXHOSTNAMELEN];
455 char cbuf[BUFSIZ]; /* command line buffer */
456 const char *cmdnames[] = {
471 struct printer myprinter, *pp = &myprinter;
473 init_printer(&myprinter);
478 if (cp >= &cbuf[sizeof(cbuf) - 1])
479 fatal(0, "Command line too long");
480 if ((n = read(STDOUT_FILENO, cp, 1)) != 1) {
482 fatal(0, "Lost connection");
485 } while (*cp++ != '\n');
489 if (*cp >= '\1' && *cp <= '\5')
490 syslog(LOG_INFO, "%s requests %s %s",
491 from_host, cmdnames[(u_char)*cp], cp+1);
493 syslog(LOG_INFO, "bad request (%d) from %s",
497 case CMD_CHECK_QUE: /* check the queue, print any jobs there */
500 case CMD_TAKE_THIS: /* receive files to be queued */
502 syslog(LOG_INFO, "illegal request (%d)", *cp);
507 case CMD_SHOWQ_SHORT: /* display the queue (short form) */
508 case CMD_SHOWQ_LONG: /* display the queue (long form) */
509 /* XXX - this all needs to be redone. */
522 if (requests >= MAXREQUESTS)
523 fatal(0, "Too many requests");
524 requ[requests++] = atoi(cp);
526 if (users >= MAXUSERS)
527 fatal(0, "Too many users");
531 status = getprintcap(printer, pp);
533 fatal(pp, "%s", pcaperr(status));
534 displayq(pp, cbuf[0] == CMD_SHOWQ_LONG);
536 case CMD_RMJOB: /* remove a job from the queue */
538 syslog(LOG_INFO, "illegal request (%d)", *cp);
542 while (*cp && *cp != ' ')
559 if (requests >= MAXREQUESTS)
560 fatal(0, "Too many requests");
561 requ[requests++] = atoi(cp);
563 if (users >= MAXUSERS)
564 fatal(0, "Too many users");
571 fatal(0, "Illegal service request");
576 * Make a pass through the printcap database and start printing any
577 * files left from the last time the machine went down.
582 int pid, status, more;
583 struct printer myprinter, *pp = &myprinter;
585 more = firstprinter(pp, &status);
589 if (ckqueue(pp) <= 0) {
593 syslog(LOG_INFO, "lpd startup: work for %s",
595 if ((pid = fork()) < 0) {
596 syslog(LOG_WARNING, "lpd startup: cannot fork for %s",
607 more = nextprinter(pp, &status);
611 "lpd startup: printcap entry for %s has errors, skipping",
612 pp->printer ? pp->printer : "<noname?>");
613 } while (more && status);
618 * Make sure there's some work to do before forking off a child
621 ckqueue(struct printer *pp)
627 spooldir = pp->spool_dir;
628 if ((dirp = opendir(spooldir)) == NULL)
630 while ((d = readdir(dirp)) != NULL) {
631 if (d->d_name[0] != 'c' || d->d_name[1] != 'f')
632 continue; /* daemon control files only */
634 return (1); /* found something */
640 #define DUMMY ":nobody::"
643 * Check to see if the host connecting to this host has access to any
644 * lpd services on this host.
647 chkhost(struct sockaddr *f, int ch_opts)
649 struct addrinfo hints, *res, *r;
651 char hostbuf[NI_MAXHOST], ip[NI_MAXHOST];
652 char serv[NI_MAXSERV];
653 char *syserr, *usererr;
654 int error, errsav, fpass, good, wantsl;
657 if (ch_opts & LPD_LOGCONNERR)
658 wantsl = 1; /* also syslog the errors */
662 /* Need real hostname for temporary filenames */
663 error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf), NULL, 0,
667 error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf),
668 NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
671 "can not determine hostname for remote host (%d,%d)",
674 "Host name for your address is not known");
675 fhosterr(ch_opts, syserr, usererr);
679 "Host name for remote host (%s) not known (%d)",
682 "Host name for your address (%s) is not known",
684 fhosterr(ch_opts, syserr, usererr);
688 strlcpy(frombuf, hostbuf, sizeof(frombuf));
690 ch_opts |= LPD_ADDFROMLINE;
692 /* Need address in stringform for comparison (no DNS lookup here) */
693 error = getnameinfo(f, f->sa_len, hostbuf, sizeof(hostbuf), NULL, 0,
694 NI_NUMERICHOST | NI_WITHSCOPEID);
696 asprintf(&syserr, "Cannot print IP address (error %d)",
698 asprintf(&usererr, "Cannot print IP address for your host");
699 fhosterr(ch_opts, syserr, usererr);
702 from_ip = strdup(hostbuf);
704 /* Reject numeric addresses */
705 memset(&hints, 0, sizeof(hints));
706 hints.ai_family = family;
707 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
708 hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
709 if (getaddrinfo(from_host, NULL, &hints, &res) == 0) {
711 /* This syslog message already includes from_host */
712 ch_opts &= ~LPD_ADDFROMLINE;
713 asprintf(&syserr, "reverse lookup results in non-FQDN %s",
715 /* same message to both syslog and remote user */
716 fhosterr(ch_opts, syserr, syserr);
720 /* Check for spoof, ala rlogind */
721 memset(&hints, 0, sizeof(hints));
722 hints.ai_family = family;
723 hints.ai_socktype = SOCK_DGRAM; /*dummy*/
724 error = getaddrinfo(from_host, NULL, &hints, &res);
726 asprintf(&syserr, "dns lookup for address %s failed: %s",
727 from_ip, gai_strerror(error));
728 asprintf(&usererr, "hostname for your address (%s) unknown: %s",
729 from_ip, gai_strerror(error));
730 fhosterr(ch_opts, syserr, usererr);
734 for (r = res; good == 0 && r; r = r->ai_next) {
735 error = getnameinfo(r->ai_addr, r->ai_addrlen, ip, sizeof(ip),
736 NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID);
737 if (!error && !strcmp(from_ip, ip))
743 asprintf(&syserr, "address for remote host (%s) not matched",
746 "address for your hostname (%s) not matched", from_ip);
747 fhosterr(ch_opts, syserr, usererr);
752 hostf = fopen(_PATH_HOSTSEQUIV, "r");
755 if (__ivaliduser_sa(hostf, f, f->sa_len, DUMMY, DUMMY) == 0) {
763 hostf = fopen(_PATH_HOSTSLPD, "r");
766 /* This syslog message already includes from_host */
767 ch_opts &= ~LPD_ADDFROMLINE;
768 asprintf(&syserr, "refused connection from %s, sip=%s", from_host,
771 "Print-services are not available to your host (%s).", from_host);
772 fhosterr(ch_opts, syserr, usererr);
776 if (ch_opts & LPD_NOPORTCHK)
777 return; /* skip the reserved-port check */
779 error = getnameinfo(f, f->sa_len, NULL, 0, serv, sizeof(serv),
782 /* same message to both syslog and remote user */
783 asprintf(&syserr, "malformed from-address (%d)", error);
784 fhosterr(ch_opts, syserr, syserr);
788 if (atoi(serv) >= IPPORT_RESERVED) {
789 /* same message to both syslog and remote user */
790 asprintf(&syserr, "connected from invalid port (%s)", serv);
791 fhosterr(ch_opts, syserr, syserr);
797 * Handle fatal errors in chkhost. The first message will optionally be
798 * sent to syslog, the second one is sent to the connecting host.
800 * The idea is that the syslog message is meant for an administrator of a
801 * print server (the host receiving connections), while the usermsg is meant
802 * for a remote user who may or may not be clueful, and may or may not be
803 * doing something nefarious. Some remote users (eg, MS-Windows...) may not
804 * even see whatever message is sent, which is why there's the option to
805 * start 'lpd' with the connection-errors also sent to syslog.
807 * Given that hostnames can theoretically be fairly long (well, over 250
808 * bytes), it would probably be helpful to have the 'from_host' field at
809 * the end of any error messages which include that info.
811 * These are Fatal host-connection errors, so this routine does not return.
814 fhosterr(int ch_opts, char *sysmsg, char *usermsg)
818 * If lpd was started up to print connection errors, then write
819 * the syslog message before the user message.
820 * And for many of the syslog messages, it is helpful to first
821 * write the from_host (if it is known) as a separate syslog
822 * message, since the hostname may be so long.
824 if (ch_opts & LPD_LOGCONNERR) {
825 if (ch_opts & LPD_ADDFROMLINE) {
826 syslog(LOG_WARNING, "for connection from %s:", from_host);
828 syslog(LOG_WARNING, "%s", sysmsg);
832 * Now send the error message to the remote host which is trying
833 * to make the connection.
835 printf("%s [@%s]: %s\n", progname, local_host, usermsg);
839 * Add a minimal delay before exiting (and disconnecting from the
840 * sending-host). This is just in case that machine responds by
841 * INSTANTLY retrying (and instantly re-failing...). This may also
842 * give the other side more time to read the error message.
844 sleep(2); /* a paranoid throttling measure */
848 /* setup server socket for specified address family */
849 /* if af is PF_UNSPEC more than one socket may be returned */
850 /* the returned list is dynamically allocated, so caller needs to free it */
852 socksetup(int af, int debuglvl)
854 struct addrinfo hints, *res, *r;
855 int error, maxs, *s, *socks;
858 memset(&hints, 0, sizeof(hints));
859 hints.ai_flags = AI_PASSIVE;
860 hints.ai_family = af;
861 hints.ai_socktype = SOCK_STREAM;
862 error = getaddrinfo(NULL, "printer", &hints, &res);
864 syslog(LOG_ERR, "%s", gai_strerror(error));
868 /* Count max number of sockets we may open */
869 for (maxs = 0, r = res; r; r = r->ai_next, maxs++)
871 socks = malloc((maxs + 1) * sizeof(int));
873 syslog(LOG_ERR, "couldn't allocate memory for sockets");
877 *socks = 0; /* num of sockets counter at start of array */
879 for (r = res; r; r = r->ai_next) {
880 *s = socket(r->ai_family, r->ai_socktype, r->ai_protocol);
882 syslog(LOG_DEBUG, "socket(): %m");
885 if (setsockopt(*s, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on))
887 syslog(LOG_ERR, "setsockopt(SO_REUSEADDR): %m");
892 if (setsockopt(*s, SOL_SOCKET, SO_DEBUG, &debuglvl,
893 sizeof(debuglvl)) < 0) {
894 syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m");
898 #ifdef IPV6_BINDV6ONLY
899 if (r->ai_family == AF_INET6) {
900 if (setsockopt(*s, IPPROTO_IPV6, IPV6_BINDV6ONLY,
901 &on, sizeof(on)) < 0) {
903 "setsockopt (IPV6_BINDV6ONLY): %m");
909 if (bind(*s, r->ai_addr, r->ai_addrlen) < 0) {
910 syslog(LOG_DEBUG, "bind(): %m");
922 syslog(LOG_ERR, "Couldn't bind to any socket");
933 fprintf(stderr, "usage: lpd [-cdlsW46] [port#]\n");
935 fprintf(stderr, "usage: lpd [-cdlsW] [port#]\n");